feat: Disable systemd-resolved stub resolver

defaults/main.yml

@@ -1,6 +1,9 @@
 ---
 # defaults file for dnsmasq
 
+# Directory to deploy override conf of systemd-resolved
+dnsmasq_resolved_directory: /etc/systemd/resolved.conf.d
+
 # Directory to deploy configuration
 dnsmasq_conf_directory: /etc/dnsmasq.d
 
@@ -8,6 +11,9 @@ dnsmasq_conf_directory: /etc/dnsmasq.d
 dnsmasq_records_directory: "{{ dnsmasq_conf_directory }}/records"
 
 # Configuration
+dnsmasq_listen_addresses:
+  - "{{ ansible_facts['default_ipv4']['address'] }}"
+  - "{{ ansible_facts['default_ipv6']['address'] }}"
 dnsmasq_domain: ""
 dnsmasq_servers: []
 dnsmasq_rev_servers: []

handlers/main.yml

@@ -8,18 +8,24 @@
       - apply-live
   become: true
 
-- name: Reload dnsmasq.service
+- name: Restart systemd-resolved.service
   ansible.builtin.systemd_service:
-    name: dnsmasq.service
+    name: systemd-resolved.service
-    state: reloaded
+    state: restarted
   become: true
-  register: dnsmasq_reload
 
-- name: Reload dnsmasq.service on dns servers
+- name: Restart dnsmasq.service
   ansible.builtin.systemd_service:
-    state: reloaded
     name: dnsmasq.service
-  when: dnsmasq_reload is undefined
+    state: restarted
+  become: true
+  register: dnsmasq_restarted
+
+- name: Restart dnsmasq.service on dns servers
+  ansible.builtin.systemd_service:
+    name: dnsmasq.service
+    state: restarted
+  when: dnsmasq_restarted is undefined
   become: true
   loop: "{{ dnsmasq_hosts }}"
   delegate_to: "{{ item }}"

tasks/configuration.yml

@@ -1,6 +1,29 @@
 ---
 # tasks file for dnsmasq
 
+- name: Create path to override systemd-resolved
+  ansible.builtin.file:
+    path: "{{ dnsmasq_resolved_directory }}"
+    state: directory
+    owner: root
+    group: root
+    mode: u=rwX,g=rX,o=rX
+  become: true
+  notify: Restart systemd-resolved.service
+
+- name: Disable stub resolver of systemd-resolved
+  ansible.builtin.template:
+    src: stub-listener.conf.j2
+    dest: "{{ dnsmasq_resolved_directory }}/stub-listener.conf"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  notify: Restart systemd-resolved.service
+
+- name: Flush handlers
+  meta: flush_handlers
+
 - name: Create records directory
   ansible.builtin.file:
     path: "{{ dnsmasq_records_directory }}"
@@ -24,7 +47,7 @@
     group: root
     mode: u=rw,g=r,o=r
   become: true
-  notify: Reload dnsmasq.service
+  notify: Restart dnsmasq.service
 
 - name: Deploy specific records
   ansible.builtin.template:
@@ -35,4 +58,4 @@
     mode: u=rw,g=r,o=r
   when: dnsmasq_specifics | length > 0
   become: true
-  notify: Reload dnsmasq.service
+  notify: Restart dnsmasq.service

tasks/installation.yml

@@ -16,7 +16,7 @@
       - --assumeyes
       - --idempotent
       - dnsmasq
-    creates: /sysroot/ostree/repo/refs/heads/rpmostree/pkg/dnsmasq
+    creates: /usr/sbin/dnsmasq
   when: ansible_facts['pkg_mgr'] == "atomic_container"
   become: true
   notify: Apply installation

tasks/records.yml

@@ -15,4 +15,4 @@
   loop_control:
     loop_var: dnsserver
   run_once: true
-  notify: Reload dnsmasq.service on dns servers
+  notify: Restart dnsmasq.service on dns servers

templates/dnsmasq.conf.j2

@@ -1,5 +1,8 @@
 # {{ ansible_managed }}
 
+# Listen addresses
+listen-address={{ dnsmasq_listen_addresses | sort | join(',') }}
+
 # Ne pas transmettre les requêtes avec un nom court (pas FQDN)
 domain-needed
 

templates/stub-listener.conf.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[Resolve]
+DNSStubListener=no